Leveraging User-related Internet of Things for Continuous Authentication

Among all Internet of Things (IoT) devices, a subset is related to users. By leveraging these user-related IoT elements, it is possible to ensure the identity of the user for a period of time, thus avoiding impersonation. This need is known as Continuous Authentication (CA). Since 2009, a plethora of IoT-based CA academic research and industrial contributions have been proposed. We offer a comprehensive overview of 58 research papers regarding the main components of such a CA system. The status of the industry is studied as well, covering 32 market contributions, research projects, and related standards. Finally, lessons learned, challenges, and open issues to foster further research in this area are presented.
